CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-5851
https://notcve.org/view.php?id=CVE-2016-5851
python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted document. python-docx en versiones anteriores a 0.8.6 permite a atacantes dependientes del contexto llevar a cabo ataques de XXE a través de un documento manipulado. • http://www.openwall.com/lists/oss-security/2016/06/28/7 http://www.openwall.com/lists/oss-security/2016/06/28/8 http://www.securityfocus.com/bid/91485 https://github.com/python-openxml/python-docx/blob/v0.8.6/HISTORY.rst https://github.com/python-openxml/python-docx/commit/61b40b161b64173ab8e362aec1fd197948431beb https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FFMOH7ZPOPQWNJGUZOS5LXX4MGNRXXT https://lists.fedoraproject.org/archives/list/package-announce%40lists • CWE-611: Improper Restriction of XML External Entity Reference •